refactor(all): complete rework of the repo

Moving to a recipeless way of doing things
2023-06-09 12:17:09 +02:00 · 2023-06-09 12:17:09 +02:00 · 351f693775
parent b13a5e892f
commit 351f693775
13 changed files with 109 additions and 123 deletions
--- a/46
+++ b/46
@ -1,41 +1,13 @@
-IMAGE_NAME := reg.cadoles.com/cadoles/sp
+################################
+# Makefile for Cadoles SP
+################################
+
+IMAGE_REPO := reg.cadoles.com/cadoles
+IMAGE_NAME := sp
+IMAGE_FULL_NAME := $(IMAGE_REPO)/$(IMAGE_NAME)
+IMAGE_VERSION := 0.1.0
 DOCKERFILE ?=

 DAY_SUFFIX_TAG ?= $(shell date +%Y%m%d)

-build:
-
-_build:
-	docker \
-		build \
-		-t "$(IMAGE_NAME):$(IMAGE_TAG)" \
-		-f $(DOCKERFILE) \
-		.
-
-scan:
-
-_scan: tools/trivy/bin/trivy
-	mkdir -p .trivy/$(IMAGE_NAME)/$(IMAGE_TAG)
-	tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o ".trivy/$(IMAGE_NAME)/$(IMAGE_TAG)/report.txt" $(TRIVY_ARGS) $(IMAGE_NAME):$(IMAGE_TAG)
-	cat ".trivy/$(IMAGE_NAME)/$(IMAGE_TAG)/report.txt"
-	
-tools/trivy/bin/trivy:
-	mkdir -p tools/trivy/bin
-	curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
-
-
-release:
-
-_release:
-	docker tag $(IMAGE_NAME):$(IMAGE_TAG) $(IMAGE_NAME):$(IMAGE_TAG)-$(DAY_SUFFIX_TAG)
-	docker push $(IMAGE_NAME):$(IMAGE_TAG)-$(DAY_SUFFIX_TAG)
-	docker push $(IMAGE_NAME):$(IMAGE_TAG)
-
-_test: tools/bin/bash_unit
-	tools/bin/bash_unit ./tests/test_$(IMAGE_TAG).sh
-
-tools/bin/bash_unit:
-	mkdir -p tools/bin
-	cd tools/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)	
-
-include recipes/*.mk
+include main.mk
--- a/files/alpine/sp-oidc/base/conf.d/Dockerfile
+++ b/files/alpine/sp-oidc/base/conf.d/Dockerfile
@ -1,14 +0,0 @@
-FROM reg.cadoles.com/proxy_cache/library/alpine:edge
-#FROM reg.cadoles.com/proxy_cache/library/httpd:alpine3.18
-
-# Adding testing repo
-RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
-
-RUN apk update && apk add apache-mod-auth-openidc
-
-COPY conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
-COPY conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
-COPY scripts/httpd-foreground /usr/local/bin/
-
-CMD ["httpd-foreground"]
-
--- a/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
+++ b/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
@ -1,14 +0,0 @@
-LoadModule auth_openidc_module modules/mod_auth_openidc.so
-
-OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} #http://portal.mse.local:8000/auth/.well-known/openid-configuration
-OIDCClientID ${SP_OIDC_CLIENT_NAME} #mse
-OIDCClientSecret ${SP_OIDC_CLIENT_SERCRET} #$mse&123456$
-OIDCProviderTokenEndpointAuth client_secret_basic
-OIDCCookieSameSite On
-OIDCSessionType client-cookie
-OIDCXForwardedHeaders X-Forwarded-Host
-# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
-OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} #http://portal.mse.local:8000/protected/redirect_uri
-OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} #$mse&123456$
-OIDCOAuthAcceptTokenAs header
-OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI} #http://portal.mse.local:8000/erreur?msg=mod_auth_fail
--- a/files/images/sp-oidc/base/Dockerfile
+++ b/files/images/sp-oidc/base/Dockerfile
@ -4,11 +4,17 @@ FROM reg.cadoles.com/proxy_cache/library/alpine:edge
 # Adding testing repo
 RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories

-RUN apk update && apk add apache-mod-auth-openidc
+RUN apk update && apk add apache-mod-auth-openidc apache2-ssl
+
+RUN mkdir -p /var/www/html

 COPY files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
 COPY files/alpine/sp-oidc/base/conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
 COPY files/alpine/sp-oidc/base/scripts/httpd-foreground /usr/local/bin/

+RUN chmod +x /usr/local/bin/httpd-foreground
+RUN mkdir -p /var/www/html
+RUN chown apache:apache /var/www/html

-CMD ["httpd-foreground"]
+SHELL ["/bin/sh", "-c"]
+CMD ["/usr/local/bin/httpd-foreground"]
--- a/files/images/sp-oidc/base/conf.d/default-vhost.conf
+++ b/files/images/sp-oidc/base/conf.d/default-vhost.conf
--- a/files/images/sp-oidc/base/conf.d/mod-auth-openidc.conf
+++ b/files/images/sp-oidc/base/conf.d/mod-auth-openidc.conf
@ -0,0 +1,14 @@
+LoadModule auth_openidc_module modules/mod_auth_openidc.so
+
+OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} 
+OIDCClientID ${SP_OIDC_CLIENT_NAME} 
+OIDCClientSecret ${SP_OIDC_CLIENT_SECRET} 
+OIDCProviderTokenEndpointAuth client_secret_basic
+OIDCCookieSameSite On
+OIDCSessionType client-cookie
+OIDCXForwardedHeaders X-Forwarded-Host
+# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
+OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} 
+OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} 
+OIDCOAuthAcceptTokenAs header
+OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI} 
--- a/files/images/sp-oidc/base/conf.d/scripts/httpd-foreground
+++ b/files/images/sp-oidc/base/conf.d/scripts/httpd-foreground
--- a/files/images/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
+++ b/files/images/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
--- a/files/images/sp-oidc/base/scripts/httpd-foreground
+++ b/files/images/sp-oidc/base/scripts/httpd-foreground
--- a/files/images/sp-shibboleth/base/Dockerfile
+++ b/files/images/sp-shibboleth/base/Dockerfile
--- a/main.mk
+++ b/main.mk
@ -0,0 +1,78 @@
+IMAGES_DIR := ./files/images
+
+#
+# $1: IMAGE_NAME
+# $2: IMAGE_TAG
+#
+define build_image
+	echo "Building ${IMAGE_REPO}/$1";\
+	docker build \
+		-t "${IMAGE_REPO}/$1:$2" \
+		-f ${IMAGES_DIR}/$1/$2/Dockerfile \
+		.	
+endef
+
+#
+# $1: IMAGE_NAME
+# $2: IMAGE_TAG
+#
+define scan_image
+	echo "Scanning ${IMAGE_REPO}/$1"; \
+	mkdir -p .trivy/$(IMAGE_REPO)/$1/$2; \
+	tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o ".trivy/$(IMAGE_REPO)/$1/$2/report.txt" $(TRIVY_ARGS) $(IMAGE_REPO)/$1:$2 ; \
+	cat ".trivy/$(IMAGE_REPO)/$1/$2report.txt"
+endef
+
+define install_trivy
+	mkdir -p tools/trivy/bin ; \
+	curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
+endef
+
+define release_image
+	docker tag $(IMAGE_REPO)/$1:$2 $(IMAGE_REPO)/$1:$2-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) ; \
+	docker tag $(IMAGE_REPO)/$1:$2 $(IMAGE_REPO)/$1:$2-$(IMAGE_VERSION);                    \
+	docker tag $(IMAGE_REPO)/$1:$2 $(IMAGE_REPO)/$1:$2-latest ;                             \
+	docker push $(IMAGE_REPO)/$1:$2-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) ;                                \
+	docker push $(IMAGE_REPO)/$1:$2-$(IMAGE_VERSION) ;                                                  \
+	docker push $(IMAGE_REPO)/$1:$2-latest
+endef
+	
+
+#list:
+build: ${IMAGES_DIR}/*
+	@for name in $(basename $(notdir $^)); do \
+		$(call build_image,$${name},base); \
+	done;\
+
+scan: ${IMAGES_DIR}/*
+	$(call install_trivy)
+	@for name in $(basename $(notdir $^)); do \
+		$(call scan_image,$${name},base); \
+	done;\
+	
+tools/trivy/bin/trivy:
+	mkdir -p tools/trivy/bin
+	curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
+
+
+release: ${IMAGES_DIR}/*
+	@for name in $(basename $(notdir $^)); do \
+		$(call release_image,$${name},base); \
+	done;\
+
+_release:
+	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
+	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
+	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
+	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
+	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
+	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
+
+_test: tools/bin/bash_unit
+	tools/bin/bash_unit ./tests/test_$(IMAGE_TAG).sh
+
+tools/bin/bash_unit:
+	mkdir -p tools/bin
+	cd tools/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)	
+
+##include recipes/*.mk
--- a/recipes/alpine-sp-oidc.mk
+++ b/recipes/alpine-sp-oidc.mk
@ -1,28 +0,0 @@
-build: build-alpine-sp-oidc-base
-
-build-alpine-sp-oidc-base:
-	$(MAKE) \
-		IMAGE_TAG=alpine-sp-oidc-base \
-		DOCKERFILE=files/alpine/sp-oidc/base/Dockerfile \
-		_build
-
-scan: scan-alpine-sp-oidc-base
-
-scan-alpine-sp-oidc-base:
-	$(MAKE) \
-		IMAGE_TAG=alpine-sp-oidc-base \
-		_scan
-
-release: release-alpine-sp-oidc-base
-
-release-alpine-sp-oidc-base:
-	$(MAKE) \
-		IMAGE_TAG=alpine-sp-oidc-base \
-		_release
-
-test: test-alpine-sp-oidc-base
-
-test-alpine-sp-oidc-base:
-	$(MAKE) \
-		IMAGE_TAG=alpine-sp-oidc-base \
-		_test
--- a/recipes/debian-sp-shib.mk
+++ b/recipes/debian-sp-shib.mk
@ -1,28 +0,0 @@
-build: build-debian-sp-shib-base
-
-build-debian-sp-shib-base:
-	$(MAKE) \
-		IMAGE_TAG=debian-sp-shib-base \
-		DOCKERFILE=files/debian/sp-shib/base/Dockerfile \
-		_build
-
-scan: scan-debian-sp-shib-base
-
-scan-debian-sp-shib-base:
-	$(MAKE) \
-		IMAGE_TAG=debian-sp-shib-base \
-		_scan
-
-release: release-debian-sp-shib-base
-
-release-debian-sp-shib-base:
-	$(MAKE) \
-		IMAGE_TAG=debian-sp-shib-base \
-		_release
-
-test: test-debian-sp-shib-base
-
-test-debian-sp-shib-base:
-	$(MAKE) \
-		IMAGE_TAG=debian-sp-shib-base \
-		_test